Nothing glaring, except of course that this error is [almost] always caused by the absence of a call to OpenSSL_add_all_algorithms(); which is used to set up SSL with all the available ciphers, hashes, etc.
(And given your init code, I don't see SSL_load_error_strings() around either, which helps with providing human-legible error descriptions across the board. I'd expect that call above around the same place as these.)

For completeness' sake: this bunch should be somewhere at the start & exit of your application, where 'start' is preferably before you start up multiple threads/processes:

start:

    // apps_startup() - (derived from openssl/apps/apps.h)
    CRYPTO_malloc_init();
    SSL_load_error_strings(); // includes: ERR_load_crypto_strings();
    OpenSSL_add_all_algorithms(); // <-- seems you lack this one at least
    ENGINE_load_builtin_engines();

exit:

    // apps_shutdown() - (altered order: ERR_* as the _very_ last to go, just in case...)
    CONF_modules_unload(1);
    OBJ_cleanup();
    EVP_cleanup();
    ENGINE_cleanup();
    CRYPTO_cleanup_all_ex_data();
    COMP_zlib_cleanup();
    ERR_remove_thread_state(NULL);
    ERR_free_strings();

Then inside your classes you can do as you already did.

On Thu, Jan 22, 2009 at 8:10 PM, Dan Arcari <danarc...@gmail.com> wrote:
> Hello,
>
> I'm wondering if someone can help me with a "no shared cipher" error
> occurring when I attempt SSL_accept? I'll try to explain what's being done
> as succinctly as possible:
>
> 1. There are two classes, SocketListener and SocketClient. Each does the
> following as part of SSL initialization (pseudocode here):
>
>     context = SSL_CTX_new(TLSv1_method());
>     connection = SSL_new(context);
>     SSL_CTX_use_certificate_file(context, path_to_cert, SSL_FILETYPE_PEM);
>     SSL_CTX_use_PrivateKey_file(context, path_to_key, SSL_FILETYPE_PEM);
>     SSL_CTX_check_private_key(context);
>     SSL_set_cipher_list(connection, "ALL:eNULL");
>
> 2. The Listener calls all the Init stuff, calls SSL_set_fd(connection, fd),
> does normal socket bind() and listen(), calls SSL_set_accept_state() and
> then waits on accept().
>
> 3. The Client calls all of this Init stuff, does its normal TCP connect,
> calls SSL_set_fd(connection, fd) and then calls SSL_set_connect_state() and
> finally SSL_connect().
>
> 4. When the client connection comes in, accept returns, and inside the
> listener object we create a new Client with the file descriptor returned
> from accept, and then call SSL_set_accept_state(newclient->connection,
> newclient->fd), and finally SSL_accept(newclient->connection).
>
> It's on the SSL_accept that I get the error. So I have two questions, does
> this sound like an otherwise correct procedure for establishing a basic SSL
> connection? and, what might be causing the shared cipher error?
>
> Any help is appreciated.
>
> -Dan

--
Best regards,

Ger Hobbelt

--------------------------------------------------
web: http://www.hobbelt.com/
     http://www.hebbut.net/
mail: g...@hobbelt.com
mobile: +31-6-11 120 978
--------------------------------------------------
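
Added example, not part of the thread or of OpenSSL's own code: Python's `ssl` module (a wrapper over OpenSSL) drives a handshake through in-memory BIOs to reproduce the server-side "no shared cipher" failure and read its reason code. It covers the case where the accepting side has no certificate and key attached at handshake time, which is worth checking in the quoted pseudocode because SSL_new() is called there before the certificate is loaded into the context, and existing SSL objects do not pick up later context changes. The function names and the host name are assumptions made for the example.

```python
import ssl


def handshake_outcome(server_ctx, client_ctx, hostname="server.example"):
    """Run a TLS handshake in memory.

    Returns (side, reason) for the first endpoint that fails, None on success.
    The hostname is a constructed value used only for this example.
    """
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    done = {"client": False, "server": False}
    for _ in range(20):  # a full handshake needs only a few round trips
        for name, side in (("client", client), ("server", server)):
            if done[name]:
                continue
            try:
                side.do_handshake()
                done[name] = True
            except ssl.SSLWantReadError:
                pass  # waiting for the peer's next flight
            except ssl.SSLError as exc:
                return name, exc.reason  # OpenSSL reason mnemonic
        # Shuttle pending records between the two endpoints.
        s_in.write(c_out.read())
        c_in.write(s_out.read())
        if all(done.values()):
            return None
    raise RuntimeError("handshake did not finish")


def demo():
    # Accepting side with no certificate/key loaded: every certificate-based
    # suite is unusable, so the server cannot select one the client offered.
    server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # The client keeps its defaults (verification on); the handshake fails on
    # the server before any certificate would be sent.
    client_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    return handshake_outcome(server_ctx, client_ctx)


if __name__ == "__main__":
    print(demo())
```
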